<?php 	
	header('Access-Control-Allow-Origin: *');
	header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
	header('Access-Control-Allow-Methods: GET, POST, PUT,DELETE');
	include('connect.php');

	$name = $_POST['name'];
	$pwd = md5($_POST['pwd']);
	// $name = 'guo';
	// $pwd = md5('linyu');

	$rows = [];

	$sql = 'select user,permission,loginkey from admin where user="'.$name.'" and password="'.$pwd.'"';
	
	$result = $db->query($sql);

	if($result->num_rows== 0){
		$rows['code'] = '20001';
		$rows['msg'] = '账号或密码错误';
	}else{
		
		$loginkey = md5(mt_rand().'!@#$'.'linyu');
		
		$loginkeySQL = 'update admin set loginkey="'.$loginkey.'" where user="'.$name.'"';
		
		$db->query($loginkeySQL);

		$result = $db->query($sql);
		
		if($result->num_rows > 0){
			while($row = $result->fetch_array(MYSQLI_ASSOC)){
				$rows[] = $row;
			}
		}

		$rows['code'] = '20000';
		$rows['msg'] = '登录成功';
	}

	echo json_encode($rows);
	
	



